While some of these incredibly accurate friend suggestions are amusing, others are alarming, such as this story from Lisa*, a psychiatrist who is an infrequent Facebook user, mostly signing in to RSVP for events. Last summer, she noticed that the social network had started recommending her patients as friends—and she had no idea why.

“I haven’t shared my email or phone contacts with Facebook,” she told me over the phone.

The next week, things got weirder.

Most of her patients are senior citizens or people with serious health or developmental issues, but she has one outlier: a 30-something snowboarder. Usually, Facebook would recommend he friend people his own age, who snowboard and jump out of planes. But Lisa told me that he had started seeing older and infirm people, such as a 70-year-old gentleman with a walker and someone with cerebral palsy.

“He laughed and said, ‘I don’t know any of these people who showed up on my list—I’m guessing they see you,’” recounted Lisa. “He showed me the list of friend recommendations, and I recognized some of my patients.”

She sat there awkwardly and silently. To let him know that his suspicion was correct would violate her duty to protect her patients’ privacy.

Another one of her female patients had a friend recommendation pop up for a fellow patient she recognized from the office’s elevator. Suddenly, she knew the other patient’s full name along with all their Facebook profile information.

“It’s a massive privacy fail,” said Lisa. “I have patients with HIV, people that have attempted suicide and women in coercive and violent relationships.”

Lisa lives in a relatively small town and was alarmed that Facebook was inadvertently outing people with health and psychiatric issues to her network. She’s a tech-savvy person, familiar with VPNs, Tor and computer security practices recommended by the Electronic Frontier Foundation, but she had no idea what was causing it.

She hadn’t friended any of her patients on Facebook, nor looked up their profiles. She didn’t have a guest wifi network at the office that they were all using. After seeing my report that Facebook was using location from people’s smartphones to make friend recommendations, she was convinced this happened because she had logged into Facebook at the office on her personal computer. She thought that Facebook had figured out that she and her patients were all in the same place repeatedly. However, Facebook says it only briefly used location for friend recommendations in a test and that it was just “at the city-level.”

When Lisa looked at her Facebook profile, she was surprised to see that she had, at some point, given Facebook her cell phone number. It’s a number that her patients could also have in their phones. Many people don’t realize that if they give Facebook access to their phone contacts, it uses that information to make friend recommendations; so if your ex-boss or your one-time Tinder date or your psychiatrist is a contact in your phone, you might start seeing them pop up in the “People You May Know” list.

“Oh yeah, I’ve been meaning to ask you why you’re getting off Facebook,” is the guilty and reluctant question I’m hearing a lot these days. Like we kinda know Facebook is bad, but don’t really want to know.

I’ve been a big Facebook supporter – one of the first users in my social group who championed what a great way it was to stay in touch, way back in 2006. I got my mum and brothers on it, and around 20 other people. I’ve even taught Facebook marketing in one of the UK’s biggest tech education projects, Digital Business Academy. I’m a techie and a marketer — so I can see the implications — and until now, they hadn’t worried me. I’ve been pretty dismissive towards people who hesitate with privacy concerns.